OWASP Top 10 Web App Security Risks - 2017

OWASP is the acronym for the Open Web Application Security Project.

Overview

The OWASP Top 10 is a powerful awareness document for web application security.

  • It represents a broad consensus about the most critical security risks to web applications.

  • Project members include a variety of security experts from around the world who have shared their expertise to produce this list.

OWASP urges all companies to adopt this awareness document within their organization and start the process of ensuring that their web applications minimize these risks. Adopting the OWASP Top 10 is perhaps the most effective first step towards changing the software development culture within your organization into one that produces secure code.

Insecure software is undermining our financial, healthcare, defense, energy, and other critical infrastructure.

  • As our software becomes increasingly complex and connected, the difficulty of achieving application security increases exponentially.

  • The rapid pace of modern software development processes makes it essential to discover and resolve the most common risks quickly and accurately.

  • We can no longer afford to tolerate relatively simple security problems like those presented in this OWASP Top 10.

A great deal of feedback was received during the creation of the OWASP Top 10 - 2017, more than for any other equivalent OWASP effort.

  • This shows how much passion the community has for the OWASP Top 10, and thus how critical it is for OWASP to get the Top 10 right for the majority of use cases.

  • Although the original goal of the OWASP Top 10 project was simply to raise awareness amongst developers and managers, it has become the de facto application security standard.

The OWASP Top 10-2017 is based primarily on 40+ data submissions from firms that specialize in application security and an industry survey that was completed by over 500 individuals.

  • This data spans vulnerabilities gathered from hundreds of organizations and over 100,000 real-world applications and APIs.

  • The Top 10 items are selected and prioritized according to this prevalence data, in combination with consensus estimates of exploitability, detectability, and impact.

  • A primary aim of the OWASP Top 10 is to educate developers, designers, architects, managers, and organizations about the consequences of the most common and most important web application security weaknesses.

  • The Top 10 provides basic techniques to protect against these high-risk problem areas, and provides guidance on where to go from here.

Here are the OWASP Top 10 2017 Security Risks:

  1. Injection

  2. Broken Authentication

  3. Sensitive Data Exposure

  4. XML External Entities (XXE)

  5. Broken Access Control

  6. Security Misconfiguration

  7. Cross-Site Scripting (XSS)

  8. Insecure Deserialization

  9. Using Components with Known Vulnerabilities

  10. Insufficient Logging & Monitoring
